创建共享目录权限问题 Delphi / Windows SDK/APIhttp://www.delphi2007.net/DelphiAPI/html/delphi_20061115131918227.html
我想通过代码实现设置一个文件夹为共享目录,然后怎么用代码写共享目录权限呢,例如完全控制,只读,修改等,希望能给我一个完整的代码小例子,谢谢各位老大
api,
注册表 ,
windows 系统命令 ( net.. )
etc.
www.richsearch.com
搜索NetShareAdd
创建共享目录我已经实现了,就是设置权限没有实现,NetShareAdd本身带的设置权限的那个参数是个常量,在DELPHI中不好用
权限常量描述:
// TRUSTEE_ACCESS flags
//
#define TRUSTEE_ACCESS_ALLOWED 0x00000001L
#define TRUSTEE_ACCESS_READ 0x00000002L
#define TRUSTEE_ACCESS_WRITE 0x00000004L
#define TRUSTEE_ACCESS_EXPLICIT 0x00000001L
#define TRUSTEE_ACCESS_READ_WRITE (TRUSTEE_ACCESS_READ | \
TRUSTEE_ACCESS_WRITE)
#define TRUSTEE_ACCESS_ALL 0xFFFFFFFFL
http://www.delphibbs.com/delphibbs/dispq.asp?lid=651376
下面的两个函数分别对文件和共享资源添加访问权限,在 D6 + Win2kSvr 中通过。注意
AddFileAccessRights 也可对目录操作。
const
ACL_REVISION = 2;
ACL_REVISION2 = 2;
netapi32lib = 'Netapi32.dll';
Type
NET_API_STATUS = Integer;
PShare_Info_502 = ^TShare_Info_502;
TShare_Info_502 = record
shi502_netName: PWideChar;
shi502_type: DWORD;
shi502_remark: PWideChar;
shi502_permissions: DWORD;
shi502_max_uses: DWORD;
shi502_current_uses : DWORD;
shi502_path: PWideChar;
shi502_passwd: PWideChar;
shi502_reserved: DWORD;
shi502_security_descriptor: PSECURITY_DESCRIPTOR;
end;
ACE_HEADER = record
AceType: Byte;
AceFlags: Byte;
AceSize: Word;
end;
ACCESS_ALLOWED_ACE = record
Header:ACE_HEADER;
Mask:ACCESS_MASK;
SidStart:DWORD;
end;
ACL_SIZE_INFORMATION = record
AceCount: DWORD;
AclBytesInUse: DWORD;
AclBytesFree: DWORD;
end;
PACE_HEADER = ^ACE_HEADER;
function NetApiBufferFree(Buffer: Pointer): NET_API_STATUS; stdcall external netapi32lib;
function NetShareGetInfo(servername: LPWSTR; netname: LPWSTR; level: DWORD;
var butptr: Pointer): NET_API_STATUS; stdcall; external netapi32lib;
function NetShareSetInfo(servername: LPWSTR; netname: LPWSTR; leve: DWORD;
const buf: Pointer; parm_err: PDWORD): NET_API_STATUS; stdcall; external netapi32lib;
//添加文件、目录访问权限,对应于对象属性页中"安全" 页中的设置
function AddFileAccesRights(const FileName, UserName: string;
dwAccessMask: DWORD): boolean;
var
// SID variables
snuType : SID_NAME_USE;
szDomain : PChar;
cbDomain: DWORD;
pUserSID: Pointer;
cbUserSID: DWORD;
// File SD variables.
pFileSD: PSECURITY_DESCRIPTOR;
cbFileSD: DWORD;
// New SD variables.
pNewSD: PSECURITY_DESCRIPTOR;
// ACL variables.
p_ACL : PACL;
fDaclPresent, fDaclDefaulted : LongBool;
AclInfo: ACL_SIZE_INFORMATION;
// New ACL variables.
pNewACL : PACL;
cbNewACL: DWORD;
// Temporary ACE.
pTempAce: Pointer;
CurrentAceIndex : Cardinal;
begin
szDomain := nil;
cbDomain := 0;
pUserSID := nil;
cbUserSID := 0;
pFileSD := nil;
cbFileSD := 0;
pNewSD := nil;
p_ACL := nil;
pNewACL := nil;
pTempAce := nil;
//
// STEP 1: Get SID for given user.
//
Result := LookupAccountName(nil, PChar(UserName),
pUserSID, cbUserSID, szDomain, cbDomain, snuType);
// API should have failed with insufficient buffer.
if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
RaiseLastWin32Error;
pUserSID := AllocMem(cbUserSID);
szDomain := AllocMem(cbDomain);
try
Result := LookupAccountName(nil, PChar(UserName),
pUserSID, cbUserSID, szDomain, cbDomain, snuType);
if (not Result) then
RaiseLastWin32Error;
// STEP 2: Get security descriptor (SD) for file.
Result := GetFileSecurity(PChar(FileName),
DACL_SECURITY_INFORMATION, pFileSD, 0, cbFileSD);
if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
RaiseLastWin32Error;
pFileSD := AllocMem(cbFileSD);
Result := GetFileSecurity(PChar(FileName),
DACL_SECURITY_INFORMATION, pFileSD, cbFileSD, cbFileSD);
if (not Result) then
RaiseLastWin32Error;
// STEP 3: Initialize new SD.
pNewSD := AllocMem(cbFileSD); // Should be same size as FileSD.
if (not InitializeSecurityDescriptor(pNewSD,
SECURITY_DESCRIPTOR_REVISION)) then
RaiseLastWin32Error;
// STEP 4: Get DACL from SD.
if (not GetSecurityDescriptorDacl(pFileSD, fDaclPresent, p_ACL,
fDaclDefaulted)) then
RaiseLastWin32Error;
// STEP 5: Get size information for DACL.
AclInfo.AceCount := 0; // Assume NULL DACL.
AclInfo.AclBytesFree := 0;
AclInfo.AclBytesInUse := SizeOf(ACL);
if (fDaclPresent and Assigned(p_ACL)) then
begin
if (not GetAclInformation(p_ACL^, @AclInfo,
SizeOf(ACL_SIZE_INFORMATION), AclSizeInformation)) then
RaiseLastWin32Error;
// STEP 6: Compute size needed for the new ACL.
cbNewACL := AclInfo.AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE)
+ GetLengthSid(pUserSID) - SizeOf(DWORD);
// STEP 7: Allocate memory for new ACL.
pNewACL := AllocMem(cbNewACL);
// STEP 8: Initialize the new ACL.
if (not InitializeAcl(pNewACL^, cbNewACL, ACL_REVISION2)) then
RaiseLastWin32Error;
// STEP 9: If DACL is present, copy it to a new DACL.
if (fDaclPresent) then
begin
// STEP 10: Copy the file's ACEs to the new ACL.
if (AclInfo.AceCount > 0) then
begin
for CurrentAceIndex := 0 to AclInfo.AceCount - 1 do
begin
// STEP 11: Get an ACE.
if (not GetAce(p_ACL^, CurrentAceIndex, pTempAce)) then
RaiseLastWin32Error;
// STEP 12: Add the ACE to the new ACL.
if (not AddAce(pNewACL^, ACL_REVISION, MAXDWORD, pTempAce,
PACE_HEADER(pTempAce)^.AceSize)) then
RaiseLastWin32Error;
end
end
end;
// STEP 13: Add the access-allowed ACE to the new DACL.
if (not AddAccessAllowedAce(pNewACL^, ACL_REVISION2, dwAccessMask,
pUserSID)) then
RaiseLastWin32Error;
// STEP 14: Set the new DACL to the file SD.
if (not SetSecurityDescriptorDacl(pNewSD, True, pNewACL, False)) then
RaiseLastWin32Error;
// STEP 15: Set the SD to the File.
if (not SetFileSecurity(PChar(FileName), DACL_SECURITY_INFORMATION,
pNewSD)) then
RaiseLastWin32Error;
Result := True;
end;
finally
// STEP 16: Free allocated memory
if Assigned(pUserSID) then
FreeMem(pUserSID);
if Assigned(szDomain) then
FreeMem(szDomain);
if Assigned(pFileSD) then
FreeMem(pFileSD);
if Assigned(pNewSD) then
FreeMem(pNewSD);
if Assigned(pNewACL) then
FreeMem(pNewACL);
end;
end;
//添加共享资源的访问权限,对应于对象属性页中"共享" 页中的设置,注意 ShareName
//对应的资源应已被设置为共享。这可以通过 NetShareAdd API 设置
function AddShareAccesRights(const ShareName: WideString;
const UserName: string; dwAccessMask: DWORD): boolean;
var
// SID variables
snuType : SID_NAME_USE;
szDomain : PChar;
cbDomain: DWORD;
pUserSID: Pointer;
cbUserSID: DWORD;
// File SD variables.
pShareSD: PSECURITY_DESCRIPTOR;
// New SD variables.
pNewSD: PSECURITY_DESCRIPTOR;
// ACL variables.
p_ACL : PACL;
fDaclPresent, fDaclDefaulted : LongBool;
AclInfo: ACL_SIZE_INFORMATION;
//Share_Info variables
BufPtr: PShare_Info_502;
ShareInfo: TShare_Info_502;
// New ACL variables.
pNewACL : PACL;
cbNewACL: DWORD;
// Temporary ACE.
pTempAce: Pointer;
CurrentAceIndex : Cardinal;
parm_err: DWORD;
begin
szDomain := nil;
cbDomain := 0;
pUserSID := nil;
cbUserSID := 0;
pNewSD := nil;
p_ACL := nil;
pNewACL := nil;
pTempAce := nil;
BufPtr := nil;
// STEP 1: Get SID for given user.
Result := LookupAccountName(nil, PChar(UserName),
pUserSID, cbUserSID, szDomain, cbDomain, snuType);
// API should have failed with insufficient buffer.
if (not Result) and (GetLastError <> ERROR_INSUFFICIENT_BUFFER) then
RaiseLastWin32Error;
pUserSID := AllocMem(cbUserSID);
szDomain := AllocMem(cbDomain);
try
Result := LookupAccountName(nil, PChar(UserName),
pUserSID, cbUserSID, szDomain, cbDomain, snuType);
if (not Result) then
RaiseLastWin32Error;
// STEP 2: Get security descriptor (SD) for ShareRes.
if (NetShareGetInfo(nil, PWideChar(ShareName), 502, Pointer(BufPtr))
= ERROR_SUCCESS) then
begin
if not IsValidSecurityDescriptor(BufPtr^.shi502_security_descriptor) then
RaiseLastWin32Error;
end
else
RaiseLastWin32Error;
pShareSD := BufPtr^.shi502_security_descriptor;
// STEP 3: Initialize new SD.
pNewSD := AllocMem(GetSecurityDescriptorLength(pShareSD));
if (not InitializeSecurityDescriptor(pNewSD,
SECURITY_DESCRIPTOR_REVISION)) then
RaiseLastWin32Error;
// STEP 4: Get DACL from SD.
if (not GetSecurityDescriptorDacl(pShareSD, fDaclPresent, p_ACL,
fDaclDefaulted)) then
RaiseLastWin32Error;
//
// STEP 5: Get size information for DACL.
//
AclInfo.AceCount := 0; // Assume NULL DACL.
AclInfo.AclBytesFree := 0;
AclInfo.AclBytesInUse := SizeOf(ACL);
if (fDaclPresent and Assigned(p_ACL)) then
begin
if (not GetAclInformation(p_ACL^, @AclInfo,
SizeOf(ACL_SIZE_INFORMATION), AclSizeInformation)) then
RaiseLastWin32Error;
// STEP 6: Compute size needed for the new ACL.
cbNewACL := AclInfo.AclBytesInUse + SizeOf(ACCESS_ALLOWED_ACE)
+ GetLengthSid(pUserSID) - SizeOf(DWORD);
// STEP 7: Allocate memory for new ACL.
pNewACL := AllocMem(cbNewACL);
// STEP 8: Initialize the new ACL.
if (not InitializeAcl(pNewACL^, cbNewACL, ACL_REVISION2)) then
RaiseLastWin32Error;
// STEP 9: If DACL is present, copy it to a new DACL.
if (fDaclPresent) then
begin
// STEP 10: Copy the file's ACEs to the new ACL.
if (AclInfo.AceCount > 0) then
begin
for CurrentAceIndex := 0 to AclInfo.AceCount - 1 do
begin
// STEP 11: Get an ACE.
if (not GetAce(p_ACL^, CurrentAceIndex, pTempAce)) then
RaiseLastWin32Error;
// STEP 12: Add the ACE to the new ACL.
if (not AddAce(pNewACL^, ACL_REVISION, MAXDWORD, pTempAce,
PACE_HEADER(pTempAce)^.AceSize)) then
RaiseLastWin32Error;
end
end
end;
// STEP 13: Add the access-allowed ACE to the new DACL.
if (not AddAccessAllowedAce(pNewACL^, ACL_REVISION2, dwAccessMask,
pUserSID)) then
RaiseLastWin32Error;
// STEP 14: Set the new DACL to the new Share SD.
if (not SetSecurityDescriptorDacl(pNewSD, True, pNewACL, False)) then
RaiseLastWin32Error;
// STEP 15: Set the new SD to the ShareRes.
Move(BufPtr^,ShareInfo, SizeOf(ShareInfo));
ShareInfo.shi502_security_descriptor := pNewSD;
if not (NetShareSetInfo(nil, PWideChar(ShareName), 502, @ShareInfo,
@parm_err) = ERROR_SUCCESS) then
RaiseLastWin32Error;
Result := True;
end;
finally
// STEP 16: Free allocated memory
if Assigned(pUserSID) then
FreeMem(pUserSID);
if Assigned(szDomain) then
FreeMem(szDomain);
if Assigned(pNewSD) then
FreeMem(pNewSD);
if Assigned(pNewACL) then
FreeMem(pNewACL);
if Assigned(BufPtr) then
NetApiBufferFree(BufPtr);
end;
end;